SSL logging impact on f5?

Question

Hello Experts,&nbsp;
I was just curious if there would be any impact on performance of f5 if we enabled SSL logging? I found out hot to do it but I don't want to mess up the entire infrastructure. Please let me know if it will slow the working performance of the f5, affect other VIPs configuration or any error/outage at all.&nbsp;
https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html&nbsp;
Thank you all, you are the best.&nbsp;
R&nbsp;

hannes_rapp · Answer

Hi,
An iRule which logs SSL handshake details to a Remote Syslog server (HSL) would not be a problem. Test in QA first and after a successful test in QA, proceed to PROD by progressively enabling it on more Virtual Servers (don't have to implement for all services at once).
When using an iRule logging solution, try to avoid on-appliance logging if possible (i.e. /var/log/ltm or /var/log/user.notice). If you need a permanent solution, go for remote logging (HSL).If you were thinking about SSL Debug as your logging solution (tmsh modify /sys db log.ssl.level value Debug), I would not recommend that as your permanent SSL logging solution since it does not qualify for one. Any built-in debug commands are meant to be used for short-term to troubleshooting on-going incidents or problems.

Forum Discussion

SSL logging impact on f5?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SSL Orchestrator Enhanced Uses Case: Remote Logging

Remove subnet from NAT pools without any impact

ASM logs

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Elastic"

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS